Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / 2537a8b5b6ab9e8908ddc27178e88bf80d9dfc10^1..2537a8b5b6ab9e8908ddc27178e88bf80d9dfc10 / .
commit2537a8b5b6ab9e8908ddc27178e88bf80d9dfc10[log] [tgz]
authorAndroid Build Merger (Role) <noreply-android-build-merger@google.com>Wed Jun 05 01:50:16 2019 +0000
committerAndroid Build Merger (Role) <noreply-android-build-merger@google.com>Wed Jun 05 01:50:16 2019 +0000
treec284378ff2ee49e239be799ca680153d8c6e57c5
parent26bf1d249948488e01a1f8afcbd773989b7f5567 [diff]
parent7e71b6ee21b4b13b3aa3c9296a4aee460852b426 [diff]
[automerger] libbinder: readCString: no ubsan sub-overflow am: d0d4b584fc am: a7134ad559 am: 7e71b6ee21

Change-Id: I0491a6e34395957d11b1f0baf70ed0bb712fc44f

diff --git a/libs/binder/Parcel.cpp b/libs/binder/Parcel.cpp
index e5a34c2..e9c26ea 100644
--- a/libs/binder/Parcel.cpp
+++ b/libs/binder/Parcel.cpp

@@ -1907,8 +1907,8 @@
 
 const char* Parcel::readCString() const
 {
-    const size_t avail = mDataSize-mDataPos;
-    if (avail > 0) {
+    if (mDataPos < mDataSize) {
+        const size_t avail = mDataSize-mDataPos;
         const char* str = reinterpret_cast<const char*>(mData+mDataPos);
         // is the string's trailing NUL within the parcel's valid bounds?
         const char* eos = reinterpret_cast<const char*>(memchr(str, 0, avail));